Securing Photos on Mobile phones

Hi All,

We have users that visit a lot of external locations and take photos of sensitive data, this is against the policy but makes their lives a million times easier so hard to enforce. Instead I would like to find a solution that ensures the photos are properly encrypted and not uploaded to the cloud and ideally a corporate solution.

Re: Securing Photos on Mobile phones

> We have users that visit a lot of external locations and take photos of sensitive data, this is against the policy but makes their lives a million times easier so hard to enforce. Instead I would like to find a solution that ensures the photos are properly encrypted and not uploaded to the cloud and ideally a corporate solution

> Does anyone have any recommendations?

Alexander, as long as an enterprise "saves" money by using BYOD (Bring Your Own Device) policies to have employees use their personally owned mobile phones for work purposes, you are out of luck. If you belly up to the bar and provide enterprise-owned phones to those employees, and implement a full enterprise control system on those devices, you can reduce greatly (but probably not eliminate) these breaches of security policy.

So, how about examining the current policy, and modifying it, with meaningful and easy-to-use procedures, to help the employees work "a million times easier." Policies that interfere with a worker's primary duties guarantee work-arounds and subversion.

Re: Securing Photos on Mobile phones

We ran into a similar issue with Office 365. We were having users showing up with dual concurrent successful logins on both sides of the USA, 1 East Coast city and one West Coast city. Impossible to be in 2 places at once. We wondered if their account had been compromised. Upon investigation we discovered that they had installed the O365 app on their personal phone, were accessing their corporate account, and were using a VPN obfuscation service (Hide my IP) on their personal phone. Where did this IP obfuscation service reside? On the West Coast. Problem identified. Now we realized we had to fix our BYOD and Appropriate use policies.

My stance has always been, if the company wants you to access the company's IT stuff on a phone, we will give you a phone (or other mobile device) (or should be providing it). Just because you are able to do something does not always mean it is approved. We had to politely ask people not to access their corporate accounts on their personal devices, to include home computers.
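Added example (not part of any post in this thread, and not the poster's tooling): a minimal "impossible travel" check of the kind that surfaces the dual East Coast / West Coast logins described above. The sign-in records, coordinates, labels and the 900 km/h and 50 km thresholds are all constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sign-in records (user, UTC time, lat, lon, label); not real data.
SIGNINS = [
    ("alice", "2020-02-04T14:00:00", 40.71, -74.01, "East Coast office"),
    ("alice", "2020-02-04T14:05:00", 37.77, -122.42, "West Coast VPN exit"),
    ("bob",   "2020-02-04T09:00:00", 40.71, -74.01, "East Coast office"),
    ("bob",   "2020-02-04T17:30:00", 37.77, -122.42, "West Coast hotel"),
]

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50.0    # assumed floor: ignore hops within one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, from_label, to_label, km, hours) for each consecutive
    pair of sign-ins by one user that implies travel faster than max_kmh."""
    by_user = {}
    for user, ts, lat, lon, label in signins:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), lat, lon, label))
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])
        for (t1, la1, lo1, l1), (t2, la2, lo2, l2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            # Simultaneous sign-ins (hours == 0) from distant points always alert.
            if km > min_km and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, l1, l2, round(km), round(hours, 2)))
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SIGNINS):
        print(alert)
```

An alert here only says the two source locations are inconsistent; as in the post above, triage still has to separate a compromised account from a VPN or proxy exit on the user's own device.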

Re: Securing Photos on Mobile phones

@GinGa Does your organisation have a corporate security policy which extends to allowing personal mobile phones on site, as long as you apply the corporate Mobile Device Management (MDM)? If not, in our case, you would not be permitted on the corporate network or even the guest internet via WiFi. By default the corporate MDM encrypts all data including photographs on the mobile phone and of course, if you lose it, it will by instruction locate and remove everything from the system entirely - albeit it still has power.

In terms of not loading up to the cloud, it really depends on whether the users are using your organisational infrastructure, if so, then a Cloud Access Security Broker (CASB), will do a great job of enforcing the corporate policy and detecting illicit attempts to send the photographs to unauthorised places.

I think, all employees will have had to sign up to the Corporate Security Policies, and be part of the Mobile Device Management scheme or they would not be permitted to use their own devices unless they then apply the corporate MDM to those devices.

Otherwise, you will simply not be able to manage the BYOD into the corporate environment. You could of course invoke the Mobile phone blocking technology, adopted in many education establishments and prisons.

Re: Securing Photos on Mobile phones

> GinGa (Viewer) posted a new topic in Privacy on 02-04-2020 04:48 AM in the

> Does anyone have any recommendations?

Be realistic and specific in writing policy? If your policy has a stupid provision, and people have to do things to get around it, they will get used to circumventing policy as a matter of course.

(I recall going in to one venue to teach. The security guard was a fussy little twit with all kinds of requirements. He was sitting beside a sign that said "No cameras or recording devices of any kind!" I did *not* point out that I was carrying two laptops, both equipped with Webcams, and (for some reason that I can't recall) also two smartphones, all of which I needed for the seminar ...)

Re: Securing Photos on Mobile phones

Thanks all for your replies

I fully agree that if a policy is too strict that people will stop following it and do their own thing but I also cannot just change the policy so that everything the users want or need to do is allowed

In this case I was looking for a technical solution where the users can work efficiently while our data is safeguarded

I am looking into an MDM solution in combination with a scanner type of app for now

Re: Securing Photos on Mobile phones

@denbesten Absolutely, correct, but given the majority of education establishments are Government funded or linked directly to Government entities - definitely when it comes to examination time - they do certainly put in place mobile blocking technology or in places of correction. This may include Bluetooth, wireless WiFi and other such technologies given the capabilities of modern students to work around the system. Given that IoT devices, have unregistered wireless protocols in proprietary devices.

The establishments would most certainly have authority to put such devices in place, and recently I have seen moves to even block Shadow IT via Cloud Access Security Brokers (CASBs), given the extent of the ingenuity of the potential perpetrators. Due to data leakage and the bypassing of controls, as we have witnessed via the cloud.
